<?php
/*
 * code to update customer details
*/
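session_start();
if(!isset($_SESSION['userid'])){
	// Not logged in: redirect to the login page and stop, so no later code can run for this request.
	header('location:../login.php');
	exit;
}
else
{
	// Create connection (the include is expected to define $mysqli)
	include("../inc_files/utils/dbconnection.php");

	// NOTE(review): no anti-CSRF token check is visible in this script, and nothing here
	// verifies that the logged-in user may edit the given customer ID. Confirm both are
	// enforced elsewhere, or add them before relying on this endpoint.

	// Read each expected field as a plain string. A missing field or an array-valued
	// field (e.g. company[]=x) becomes '' instead of raising a notice or a TypeError.
	$fieldNames = array(
		'customerid', 'company', 'address', 'city', 'state', 'country', 'postalcode',
		'primarycontactname', 'primarycontactemail', 'primarycontacttelephone'
	);
	$fields = array();
	foreach($fieldNames as $fieldName){
		$fields[$fieldName] = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) ? $_POST[$fieldName] : '';
	}

	// The values are NOT passed through real_escape_string(): they are sent as bound
	// parameters, which the driver keeps separate from the SQL text. Escaping them first
	// would store the escape backslashes in the table (O'Brien -> O\'Brien).
	$customerID = $fields['customerid'];
	$company = $fields['company'];
	$address = trim($fields['address']);
	$city = $fields['city'];
	$state = $fields['state'];
	$country = $fields['country'];
	$postalcode = $fields['postalcode'];
	$primaryContactName = $fields['primarycontactname'];
	$primaryContactEmail = $fields['primarycontactemail'];
	$primaryContactTelephone = $fields['primarycontacttelephone'];

	// Only a POST that names a customer may change data; anything else falls through
	// to the redirect without touching the table.
	$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';

	if($isPost && $customerID !== ''){
		$query="UPDATE customers SET Company = ?, Address = ?, City = ?, State = ?,  Country = ?, PostalCode = ?,
			PrimaryContactName = ?, PrimaryContactEmail = ?, PrimaryContactTelephone = ? WHERE CustomerID = ?;";

		if($stmt = $mysqli -> prepare($query))	{
			//bind the parameters to the query (all ten are bound as strings)
			$stmt -> bind_param("ssssssssss", $company, $address, $city, $state, $country, $postalcode, $primaryContactName, $primaryContactEmail, $primaryContactTelephone, $customerID);

			//execute the query; record a failure server-side rather than ignoring it
			$result = $stmt -> execute();
			if(!$result){
				error_log('Customer update failed: ' . $stmt->error);
			}

			$stmt->close();
		}
		else
		{
			error_log('Customer update could not be prepared: ' . $mysqli->error);
		}
	}

	//tidy up database connection on every path, not only after a successful prepare
	$mysqli->close();

	header("Location:listcustomers.php");
	exit;
}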
?>


